AdGuardHome icon indicating copy to clipboard operation
AdGuardHome copied to clipboard
verified publisher icon AdguardTeam

https admin interface setting independent of enabling DoH

Open timkgh opened this issue 11 months ago • 2 comments

Prerequisites

  • [x] I have checked the Wiki and Discussions and found no answer

  • [x] I have searched other issues and found no duplicates

  • [x] I want to request a feature or enhancement and not ask a question

The problem

Please provide a separate setting to enable https for the admin interface that is independent of enabling DoH too. While I want to access the web admin interface in a secure way, I do not want to give clients DoH access too.

Proposed solution

Simple config option that disables these endpoints:

https://github.com/AdguardTeam/AdGuardHome/blob/6633ad63049468ad35283ee914651587cf39ef2d/internal/dnsforward/http.go#L742

Alternatives considered and additional information

No response

timkgh avatar Jan 26 '25 16:01 timkgh

Should also disable serving this record when DoH is disabled.

> q _dns.resolver.arpa SVCB
_dns.resolver.arpa. 10s SVCB 1 router. alpn="h2" port="3443" dohpath="/dns-query{?dns}"

timkgh avatar Jan 27 '25 15:01 timkgh

Upvote this, The reverse proxy solution proposed here https://github.com/AdguardTeam/AdGuardHome/issues/7424 does not solve the issue, as on windows 11 DOH setup when I add the IP, the windows resolves the DOH automatically to the wrong hidden port 4443 for example. Web https should listen only to IP address as http, so can be set to local address. While https serving DOH should still be public same as TLS/QUIC

Raviu56 avatar May 24 '25 19:05 Raviu56